I was involved in the preparation and filing of the above-identified patent application 
under the supervision of Ms. L.Joy Griebenow, who was an employee and Senior Counsel in 
the Legal-Intellectual Property department of Hewlett-Packard Company at the time the above- 
identified patent application was prepared and filed. 

Munsch Hardt was engaged by Hewlett-Packard to prepare the above-identified patent 
application. Attached hereto as Exhibit A is a true copy of a correspondence received from 
L.Joy Griebenow on a date prior to December 5, 2003, with portions redacted as noted, 
requesting a quoted cost for preparing and filing the above referenced patent application. Upon 
the engagement of Munsch Hardt, the above-identified patent application was duly docketed for 
preparation in the ordinary course of business. In the course of this engagement, a review of 
the disclosure materials and telephonic interviews were conducted with the inventor(s) in the 
course of preparing a draft version of the above-identified patent application. Feedback from 
the inventor(s) was solicited in preparing and revising the draft version of the patent application. 
Attached hereto as Exhibit B is a true copy of time records and accompanying service details, 
with portions redacted as noted, that were entered into a Sage Carpe Diem billing software 
product used by Munsch Hardt for time and expense tracking for services relating to the 
preparation of the above-identified patent application. Attached hereto as Exhibit C are true 
copies of a letter (dated prior to December 5, 2003) and emails (dated December 9, 2003, 
December 16, 2003, and December 18, 2003) transmitting draft versions of the patent 
application and soliciting/discussing feedback from the inventors regarding draft versions of the 
patent application. Attached hereto as Exhibit D is a true copy of an email (dated prior to 
December 5, 2003) transmitting a draft version of the patent application for review by Ms. L.Joy 
Griebenow. After the draft was completed to the satisfaction of the inventors, the completed 
draft application was submitted to Ms. L.Joy Griebenow via e-mail for review on or about 
February 10, 2004. A copy of that e-mail is attached hereto as Exhibit E, with portions redacted 
as noted. 

I received feedback from Ms. L.Joy Griebenow on the draft application on or around 
February 11, 2004. In the ordinary course of business, I incorporated that feedback into the 
final version of the application and sought the inventor's final review and approval of the 
application, which was filed in the U.S. Patent and Trademark Office on February 17, 2004. 

During the time period after being engaged to prepare a patent application, my typical 
practice is to prepare and/or supervise the preparation of draft applications based on the 
chronological order in which Munsch Hardt was engaged to prepare the application. These 
typical practices were subject to interruption by emergency matters such as impending bar 
dates in other cases or time deadlines imposed by federal law for responding to 
communications from the U.S. Patent and Trademark office in other matters that I am involved 
with and/or are under my supervision. 

I hereby declare that all statements made herein of my own knowledge are true and that 
all statements made on information and belief are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States 
Code, and that such willful false statements may jeopardize the validity of the application or any 
patent issued thereon. 
SIGNATURE 

James L. Baudino 

Signature: [illegible] Date: [illegible] 



Citizenship: United States of America 

Residence: Arlington, Texas 
Hewlett-Packard Company 
Legal Department MS 79 
3404 E Harmony Rd 
Ft. Collins, CO 80528 

www.hp.com 

L.Joy Griebenow REDACT 
IP ATTORNEY 

James L. Baudino 
REDACT 
Munsch Hardt Kopf & Harr, P.C. 
4000 Fountain Place 
1445 Ross Avenue 
Dallas, TX 75202-2790 

RE: Preparation of Patent Application 
Pursuant to Outside Counsel Procedures REDACT 
HP Reference No.: 200314073-1 
Entitled: REDACT 
HP Required Date: REDACT 

Dear James: 



We would like you to provide a quote of the cost for your firm to prepare a US Patent 
application based on the HP Invention Disclosure identified above, a copy of which is 
enclosed. 



Your quote should be based on preparing an application including the items noted on 
the enclosed Outside Counsel Checklist and according to HP's Outside Counsel 
Procedures referenced above, for filing by our Required Date. 

Your quote should be submitted on the enclosed Request for Quote and Engagement 
Letter Agreement. If your quote is accepted, we will return a fully executed copy of 
the Agreement to you for your records. The Agreement will not be binding on you or 
on HP until signed by HP's authorized representative. 

If the Agreement is not signed and returned to HP, any bills submitted by you cannot 
be paid. 



Thank you for your assistance in reviewing this invention disclosure. If your review 
indicates a possible conflict for your firm, you should advise us within one week of 
receipt of this letter. 

Sincerely, 

L.Joy Griebenow/tas 

L.Joy Griebenow 



Enc: HP Invention Disclosure 
RFQ 

Filing Procedures Checklist 
Supplemental Procedures for New Cases 
EXHIBIT B 

Date | Initials | Name / Invoice Number | Hours | Amount | Description 
REDACT | 488 | Jim Baudino | 2.90 | | Reviewing invention disclosure information; telephone conference with Ms. Griebenow regarding the disclosure information; researching authentication schemes in preparation for inventor interview. 
REDACT | 488 | Jim Baudino | 3.20 | | Preparing for inventor interview; telephone conference with Mr. Ali regarding the invention; performing patentability search directed toward the invention. 
REDACT | 488 | Jim Baudino | 1.20 | | Reviewing the results of the patentability search. 
REDACT | 488 | Jim Baudino | 2.40 | | Formulating strategy for application figures; laying out the figures for the application. 
REDACT | 488 | Jim Baudino | 1.20 | | Reviewing and revising the figures. 
REDACT | 488 | Jim Baudino | 4.00 | | Formulating strategy for claims; drafting a first set of claims for the application; drafting a second set of claims for the application. 
REDACT | 488 | Jim Baudino | 3.20 | | Reviewing and revising the first and second sets of claims; drafting a third set of claims; reviewing and revising the third set of claims. 
REDACT | 488 | Jim Baudino | 4.10 | | Reviewing and revising the figures; drafting the background of the invention; drafting the summary of the invention; drafting the brief description of the drawings; reviewing and revising the claims; reviewing and revising the summary; reviewing and revising the background. 
REDACT | 488 | Jim Baudino | 4.30 | | Drafting the detailed description of the invention. 
REDACT | 488 | Jim Baudino | 3.40 | | Reviewing and revising the detailed description of the invention. 
REDACT | 488 | Jim Baudino | 1.90 | | Telephone conference with Mr. Ali regarding the invention; reviewing and revising the detailed description; reviewing and revising the claims; reviewing and revising the summary; drafting the abstract. 
REDACT | 488 | Jim Baudino | 1.90 | | Reviewing and revising the figures; reviewing and revising the claims; reviewing and revising the detailed description. 
12/22/2003 | 488 | Jim Baudino | 1.70 | | Reviewing inventor comments for application draft; reviewing and revising the application draft. 
1/27/2004 | 488 | Jim Baudino | 1.00 | | Telephone conference with the inventors regarding the draft application; reviewing and revising the figures; reviewing and revising the detailed description; reviewing and revising the claims. 
EXHIBIT C 

Munsch Hardt Kopf & Harr, P.C. 
ATTORNEYS & COUNSELORS 
DALLAS | AUSTIN 
4000 Fountain Place 
1445 Ross Avenue 
Dallas, TX 75202-2790 
Main 214.855.7500 
Fax 214.855.7584 
Web munsch.com 

REDACT 

REDACT 



Valiuddin Ali 
Hewlett-Packard Company 

REDACT 



Re: U.S. Patent Application 
Entitled: Redact 

Inventors: Valiuddin Ali and Matthew J. Wagner 
Your Ref. No.: REDACT 
Our File No.: REDACT 

Dear Mr. Ali: 

Enclosed is a REDACT draft of the above-identified application for patent along with a copy of 
informal drawings. Please carefully review to see that the application and drawings accurately 
and adequately describe the invention. After your review, please forward the application and 
drawings to Mr. Matthew J. Wagner for his review. After you and Mr. Wagner have 
completed your review, please fax or e-mail any changes or corrections to me at REDACT 
REDACT 

Please note that the inventor has a duty to disclose material prior art to the PTO. Such 
prior art includes relevant patents and printed publications, information concerning public use of 
methods or apparatus related to the invention, and information on public use or sales of the 
invention (or related methods or apparatus) made more than a year ago. Failure to disclose such 
prior art may invalidate any patent issuing on the application. 

Should you have any questions or comments, please do not hesitate to contact me. 

Sincerely, 

REDACT 

James L. Baudino 

JLB:jbf 
Enclosures 

cc: L.Joy Griebenow (via e-mail w/encls.) 



DALLAS 899471 .1 5804.291 



From: Baudino, Jim 
Sent: Tuesday, December 09, 2003 4:13 PM 
To: REDACT 
Subject: Patent Apps 
Attachments: 200314073-1 (Authentication System).DOC; 200314072-1 (Recovery Mechanism).DOC 

James (Jim) L. Baudino 
Munsch Hardt Kopf & Harr, P.C. 
REDACT 

This e-mail message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, 
use, disclosure or distribution is prohibited. The contents of this email are confidential and may be subject to the attorney client and work product 
privileges. If you are not the intended recipient please contact the sender by reply e-mail and destroy all copies of the original message. Please virus 
check all attachments to prevent widespread contamination and corruption of files and operating systems. 
From: Ali, Vali REDACT 
Sent: Tuesday, December 16, 2003 4:09 PM 
To: Baudino, Jim 
Cc: Novoa, Manny; Wagner, Matthew; Ali, Vali 
Subject: Revised patent write-ups... 
Importance: High 
Attachments: 200314073-1 (Authentication System) - HP edits.zip 

<<200314073-1 (Authentication System) - HP edits.zip>> 

Jim, 

Please find the modified patent write-ups for the two applications that you forwarded to 
us last week. The edits include comments from Manny Novoa, Matthew Wagner, and myself. 
Some of these are direct edits and others are comments (I have turned on the track changes 
so you can view our changes). Please advise when or if you want to have a follow-up call 
for us to go over these with you. We are okay with these changes for you to word smith 
(put in legalese) and submit to Patent Office. 

Thx. 

Vali Ali 
REDACT 
From: Baudino, Jim 
Sent: Thursday, December 18, 2003 7:27 AM 
To: 'Ali, Vali' 
Subject: RE: Revised patent write-ups... 

Received. I will probably want to go over your changes as well as any comments received 
from Ms. Griebenow. I have forwarded your request to Ms. Griebenow to add Manny as an 
inventor on 200314073-1. I should be able to call you either later today or tomorrow to 
discuss. REDACT 
REDACT 

-----Original Message----- 
From: Ali, Vali [mailto:REDACT] 
Sent: Tuesday, December 16, 2003 4:09 PM 
To: Baudino, Jim 
Cc: Novoa, Manny; Wagner, Matthew; Ali, Vali 
Subject: Revised patent write-ups... 
Importance: High 

<<200314073-1 (Authentication System) - HP edits.zip>> 

Jim, 

Please find the modified patent write-ups for the two applications that you forwarded to 
us last week. The edits include comments from Manny Novoa, Matthew Wagner, and myself. 
Some of these are direct edits and others are comments (I have turned on the track changes 
so you can view our changes). Please advise when or if you want to have a follow-up call 
for us to go over these with you. We are okay with these changes for you to word smith 
(put in legalese) and submit to Patent Office. 

Thx. 

Vali Ali 
REDACT 
EXHIBIT D 

From: GRIEBENOW,L JOY REDACT 
Sent: REDACT 
To: Baudino, Jim; GRIEBENOW,L JOY 
Subject: HP 200314073-1 
Attachments: HPJ20031.pdf (970 KB) 

Please open the attached document. 

This document was sent to you using an HP Digital Sender. 

Sent by: GRIEBENOW, L. JOY REDACT 
Number of pages: 22 
Document type: B/W Document 
Attachment File Format: Adobe PDF 

To view this document you need to use the Adobe Acrobat Reader. 
For free copy of the Acrobat reader please visit: 

http://www.adobe.com 

For more information on the HP Digital Sender please visit: 

REDACT 
EXHIBIT E 

From: Baudino, Jim 
Sent: Tuesday, February 10, 2004 1:14 PM 
To: REDACT 
Subject: 200314073-1 Revised Draft 
Attachments: 200314073-1 (Authentication System).DOC; 200314073-1DWGS.pdf 

L.Joy, 

Attached is the revised draft of the application. 

James (Jim) L. Baudino 
Munsch Hardt Kopf & Harr, P.C. 
REDACT 
IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Applicants: Matthew J. WAGNER, et al. 
Confirmation No.: 1613 
Application Serial No.: 10/780,397 
Filed: February 17, 2004 
Title: COMPUTER SECURITY SYSTEM AND METHOD 
Group Art Unit: 2115 
Examiner: Abbaszadeh, Jaweed A. 
Docket No.: 200314073-1 



Mail Stop: Amendment 

Commissioner for Patents 

P.O. Box 1450 

Alexandria, VA 22313-1450 

DECLARATION OF MATTHEW J. WAGNER 
UNDER 37 C.F.R. SECTION 1.131 

I, Matthew J. Wagner, a co-inventor of the above-referenced patent application, am an 
employee of Hewlett-Packard Company, the assignee of this invention and application. 
Enclosed hereto as Exhibit A is a true copy of an invention disclosure form, with dates and 
portions redacted as noted, which was submitted to the Legal-Intellectual Property department 
of Hewlett-Packard Company in the ordinary course of business as part of Hewlett-Packard 
Company's invention disclosure program on a date prior to December 5, 2003. 

CERTIFICATE OF MAILING 

I hereby certify that this correspondence is being deposited with the United States Postal 
Service with sufficient postage as First Class mail in an envelope addressed to: Mail Stop: 
Amendment, Commissioner for Patents, P.O. Box 1450 Alexandria, V.A. 22313-1450. 

Name of Person Signing Certificate: Allen B. Kroger 



Signature: 




Date: March 10, 2008 






The invention that is the subject matter of the claims of the above-referenced application 
was conceived with co-inventors Valiuddin Ali and Manuel Novoa while working in the United 
States for Hewlett-Packard Company. The claimed subject matter of the above-referenced 
application was conceived and illustratively described in the invention disclosure form of Exhibit 
A. Specifically, at least pages 5 and 6 of Exhibit A includes an explanation/illustration of the 
subject matter of the claims in the present application. 

Prior to December 5, 2003, I received and reviewed a draft of the above-referenced 
patent application. On or about February 11, 2004, I received a final draft of the above- 
referenced patent application to review. I reviewed the drafts of the above-referenced 
application and provided to counsel my comments, if any, on the draft applications. 

I hereby declare that all statements made herein of my own knowledge are true and that 
all statements made on information and belief are believed to be true; and further that these 
statements were made with the knowledge that willful false statements and the like so made are 
punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States 
Code, and that such willful false statements may jeopardize the validity of the application or any 
patent issued thereon. 



SIGNATURE 

Residence: Cypress, Texas 77429 
Write in Dark Ink on Front Side Only, Please 

INVENTION DISCLOSURE PAGE ONE OF 

PDNO 200314073 DATE RCVD REDACT ATTORNEY AWW 


Instructions: The information contained in this document is HP Confidential and may not be disclosed to others without prior authorization. Submit 
this disclosure to the HP Legal Department as soon as possible. No patent protection is possible until a patent application is authorized, prepared, 
and submitted to the Government 



Descriptive Title of Invention: 



Method and procedure for " Enhancing existing self-managed authentication schemes " for systems, system resources, or peripherals. The 
enhancements target the weaknesses in the current schemes and makes them: 
REDACT 



Note that "self-managed" means a system that does not rely on external resources for user / access authentication. This includes storing the user 

credentials securely by and within itself. 

Name of Project: 

Security 

Product Name or Number: 

<None Specific> 

Was a description of the invention published, or are you planning to publish? If so, the date(s) and publication(s): 

REDACT 

Was a product or prototype including the invention (i) announced, offered for sale, or sold to any third party (for example, customer, supplier, contract 
manufacturer), or (ii) sold to HP by, for example, a supplier or contract manufacturer, or (iii) is such activity proposed? If so, when and to whom?: 

REDACT 

Was the invention disclosed to anyone outside of HP, or will such disclosure occur? If so, the date(s) and name(s): 
REDACT 

If any of the above situations will occur within 3 months, call your IP attorney or the Legal Department now at 1-898-4919 or 970-898-4919. 

Was the invention described in a lab book or other record? If so, please identify (lab book #, etc.) 
REDACT 

Was the invention built or tested? If so, the date: 
REDACT 

Was this invention made under a government contract? If so, the agency and contract number 
REDACT 

Description of Invention: Please preserve all records of the invention and attach additional pages for the following. Each additional page should 
be signed and dated by the inventor(s) and witness(es). 

A. Description of the construction and operation of the invention (include appropriate schematic, block, & timing diagrams; drawings; samples; 
graphs; flowcharts; computer listings; test results; etc.) 

B. Advantages of the invention over what has been done before. 

C. Problems solved by the invention. 

D. Prior solutions and their disadvantages (if available, attach copies of product literature, technical articles, patents, etc.). 
REDACT 



Signature of Inventor(s): Pursuant to my (our) employment agreement, I (we) submit this disclosure on this date: [ ]. 

Employee No. / Name / Signature / Telnet / Mailstop / Entity & Lab Name: 
REDACT, Matthew J. Wagner, REDACT, REDACT, PSG 
REDACT, Valiuddin Ali, REDACT, REDACT, PSG 

(If more than four inventors, include additional information on another copy of this form and attach to this document) 

REDACT 



INVENTION DISCLOSURE 
HP Confidential 
PAGE OF 

Signature of Witness(es): (Please try to obtain the signature of the person(s) to whom invention was first disclosed.) 

The invention was first explained to, and understood by, me (us) on this date: [ 

Full Name / Signature / Date of Signature: [no entries shown] 

Inventor & Home Address Information: 

Fields for each inventor: Inventor's Full Name; Street; City; State; Zip; Do you have a Residential P.O. Address? P.O. Box; City; State; Zip; Greeted as (nickname, middle name, etc.); Citizenship 

Inventor's Full Name: [no name shown]; remaining fields REDACT 
Inventor's Full Name: Valiuddin Ali; remaining fields REDACT 
Inventor's Full Name: [blank] 
Inventor's Full Name: [blank] 

REDACT 
Description of Invention: Please preserve all records of the invention and attach additional pages for the following. Each additional page should 
be signed and dated by the inventor(s) and witness(es). 

Description of the construction and operation of the invention (include appropriate schematic, block, & timing diagrams; drawings; samples; graphs; 
flowcharts; computer listings; test results; etc.) 

Some computer systems, system resources and peripherals (referred periodically in this Invention Disclosure as 
"device" or "devices") incorporate self-managed authentication mechanisms that require a user credential (e.g. a 
password) as a condition for access. In this context, self-managed means that the device does not rely on an 
external service or other entity to authenticate the user on its behalf REDACT. Also, self-managed 
implies that the authentication mechanism is not governed by an overarching IT security policy that 
defines, for example, such things as required password attributes, lockout policies or even policies that enforce 
use of the authentication feature. 

This Invention Disclosure describes a method to automate the enablement of such self-managed authentication 
features with little to no user interaction. In addition, this method provides a mechanism by which such 
authentication features could be designed to more tightly integrate with a broader IT infrastructure. Doing so 
enables IT administrators to remotely enable such features on behalf of users or govern their use through a 
security policy (e.g. define minimum acceptable password length, or disallow access to system resources like 
network drives if the feature has been turned off after being enabled by the IT administrator). 

The following steps describe the general methodology: 

- Password protection for the device is invoked either by the user (through a simplified one-touch user 
interface), remotely by an IT administrator or by the computer system itself in response to a defined 
security policy update. 

- Once invoked the computer system automatically generates a strong password that can conform to 
specific password security policy using any number of techniques involving hardware or software. It is 
envisioned that actual implementations will involve generating a random password, encryption key or 
other credential; however, the exact method of creating the password is implementation specific. 

- The computer system BIOS stores the created password using a security subsystem that incorporates any 
number of attributes, but that at a minimum would incorporate some mechanism for encrypting data (in 
this case the password) and a mechanism for controlling access to encrypted data. 

- The computer system BIOS would then enable password protection for the device using the created 
password. The computer system would then destroy the clear text password from all accessible memory 
ensuring no unauthorized access. 

- When access to the protected device is required, the security subsystem would first authenticate the user 
or other requestor. Successful authentication would then allow the above-created password to be 
decrypted and used to access the protected device. 
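
The five steps above, carried through in code as an added illustration; it is not part of the disclosure or of any HP implementation. The `Device`, `SecuritySubsystem` and `PasswordPolicy` names, the policy fields, and the HMAC-based sealing construction are assumptions standing in for the BIOS-level security subsystem and credential generator that the disclosure leaves implementation specific.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

@dataclass(frozen=True)
class PasswordPolicy:
    """IT-defined password policy (hypothetical fields)."""
    min_length: int = 24
    classes: tuple = (string.ascii_lowercase, string.ascii_uppercase,
                      string.digits, "!#$%&*+-=?@_")

def meets_policy(pw: bytes, policy: PasswordPolicy) -> bool:
    text = pw.decode("ascii")
    return (len(text) >= policy.min_length
            and all(any(c in cls for c in text) for cls in policy.classes))

def generate_password(policy: PasswordPolicy) -> bytearray:
    """Step 2: random credential that conforms to the policy."""
    chars = [secrets.choice(cls) for cls in policy.classes]   # one per class
    alphabet = "".join(policy.classes)
    chars += [secrets.choice(alphabet)
              for _ in range(policy.min_length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return bytearray("".join(chars), "ascii")   # mutable, so it can be wiped

def wipe(buf: bytearray) -> None:
    """Best-effort zeroisation; the Python runtime may hold other copies."""
    for i in range(len(buf)):
        buf[i] = 0

class Device:
    """Self-managed lock (e.g. a drive password); keeps only a salted hash."""
    def __init__(self):
        self._salt = self._verifier = None

    @property
    def locked(self) -> bool:
        return self._verifier is not None

    def enable(self, password) -> None:
        self._salt = secrets.token_bytes(16)
        self._verifier = hashlib.pbkdf2_hmac(
            "sha256", bytes(password), self._salt, 100_000)

    def unlock(self, password) -> bool:
        cand = hashlib.pbkdf2_hmac(
            "sha256", bytes(password), self._salt, 100_000)
        return hmac.compare_digest(cand, self._verifier)

class SecuritySubsystem:
    """Stand-in for a hardware-backed subsystem: encrypts data under a key
    that never leaves it and releases plaintext only to an authenticated
    requestor. A production design would use a vetted AEAD instead."""
    def __init__(self, user_secret: bytes):
        self._root = secrets.token_bytes(32)
        self._salt = secrets.token_bytes(16)
        self._user = hashlib.pbkdf2_hmac(
            "sha256", user_secret, self._salt, 100_000)

    def _keys(self):
        return (hmac.new(self._root, b"enc", "sha256").digest(),
                hmac.new(self._root, b"mac", "sha256").digest())

    @staticmethod
    def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:   # HMAC-SHA256 in counter mode as a keystream
            out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                            "sha256").digest()
            counter += 1
        return out[:n]

    def seal(self, plaintext) -> bytes:
        enc, mac = self._keys()
        nonce = secrets.token_bytes(16)
        ks = self._stream(enc, nonce, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, ks))
        return nonce + ct + hmac.new(mac, nonce + ct, "sha256").digest()

    def release(self, blob: bytes, user_secret: bytes) -> bytearray:
        cand = hashlib.pbkdf2_hmac("sha256", user_secret, self._salt, 100_000)
        if not hmac.compare_digest(cand, self._user):
            raise PermissionError("requestor not authenticated")
        enc, mac = self._keys()
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(mac, nonce + ct, "sha256").digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("sealed credential was modified")
        ks = self._stream(enc, nonce, len(ct))
        return bytearray(a ^ b for a, b in zip(ct, ks))

def enable_protection(device, subsystem, policy) -> bytes:
    """Steps 1-4: generate, seal, enable the lock, destroy the clear text."""
    pw = generate_password(policy)
    try:
        blob = subsystem.seal(pw)
        device.enable(pw)
    finally:
        wipe(pw)
    return blob

def access_device(device, subsystem, blob, user_secret) -> bool:
    """Step 5: authenticate to the subsystem, then unlock with the
    decrypted credential."""
    pw = subsystem.release(blob, user_secret)
    try:
        return device.unlock(pw)
    finally:
        wipe(pw)
```

The user never sees or types the device password: only the sealed blob persists, and it is useless without both the subsystem's internal key and a successful authentication.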

REDACT 

The idea described in this Invention Disclosure solves the above problem by defining a unique method REDACT. 
In this example REDACT access credential (i.e. the password) is "AUTOMATICALLY" created in 
accordance with an IT-defined security password policy and stored securely by some type of security subsystem 
that integrates with a more comprehensive and manageable IT security infrastructure. REDACT 
enabled drive would first require the user to authenticate to the security subsystem, which in turn would decrypt 
the REDACT password and use it to unlock the drive. 

Although the example focused on here REDACT, a hard drive access control mechanism, it is important to 
note that the fundamental idea relates to any computer system, system resource or peripheral that self-manages 
an authentication mechanism that does not integrate at all or easily with broader IT security infrastructure. 



REDACT 



(1) User transparency - Minimizes any burden on users by not requiring them to remember another 
password or to conform to strong password policies that make it difficult to remember or accurately enter 
a password. 

(2) Security policy integration - By offloading user authentication to a separate security subsystem, an 
opportunity is created to integrate self-managed authentication mechanisms into a centrally managed and 
deployed security policy infrastructure, assuming that the security subsystem is integrated into such an 
infrastructure. 

(3) Strengthens security - Overall security of the system is enhanced by minimizing user burden improving 
the likelihood that users will use the feature or not undermine it by, for example, insecurely storing 
passwords on handwritten notes or choosing inherently weak passwords. In addition, potential integration 
with a broader security policy infrastructure creates an opportunity to enforce strong password policies 
that otherwise would likely not be implemented if left to individual user discretion. 

(4) Remote deployment - IT administrators are potentially able to remotely enable self-managed 
authentication mechanisms on behalf of users without the burden of having to create and manage 
passwords users use for day-to-day access to a protected device. 



Problems solved by the invention. 

This invention enhances and enables self-managed authentication mechanisms of computer systems, system 
resources or peripherals to be used with greater user transparency by allowing the access credential (e.g. 
password) to be managed by a separate security subsystem. In this context transparency implies that little to no 
user interaction or awareness is required to take advantage of the security feature. 

By transparently creating and managing an access credential on behalf of the user several problems are averted: 
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INVENTION DISCLOSURE page one of 

PDNO 200314073 DATE RCVD REDACT ATTORNEY AV*W 


Instructions: The information contained in this document is HP Confidential and may not be disclosed to others without pnor authorization. Submit 
this disclosure to the HP Legal Department as soon as possible. No patent protection is possible until a patent application is authorized, prepared, 
and submitted to the Government 



Descriptive Title of Invention: 



Method and procedure for " Enhancing existing self-managed authentication schemes " for systems, system resources, or peripherals. The 
enhancements target the weaknesses in the current schemes and makes them: 
REDACT 



Note that 'self-managed" means a system.that does not rely on external resources for user / access authentication. This includes storing the user 

credentials securely by and within itself. 

Name of Project: 

Security 

Product Name or Number: 

<None Specific> . _ 

Was a description of the invention published, or are you planning to publish? If so, the date(s) and publication®: 

REDACT 

Was a product or prototype including the invention (i) announced, offered for sale, or sold to any third party (for example, customer, supplier, contract 
manufacturer), or (ii) sold to HP by.for example, a supplier or contract manufacturer, or (iii) is such activity proposed? if so, when and to whom?: 

REDACT 

Was the invention disclosed to anyone outside of HP, or will such disclosure occur? If so, the date(s) and name(s): 
REDACT 

If any of the above situations will occur within 3 months, call your IP attorney or the Legal Department now at 1-898-4919 or 970-898-4919. 

Was the invention described in a lab book or other record? If so, please identify (lab book #, etc.) 
REDACT 

Was the invention built or tested? If so, the date: 
REDACT 

Was this invention made under a government contract? If so, the agency and contract number 
REDACT 

Description of Invention: Please preserve ail records of the invention andattach additional pages for the following. Each additional page should 
be signed and dated by the inventor(s) and witnesses). 

A. Description of the construction and operation of the invention (include appropriate schematic, block, & timing diagrams; drawings; samples; 
graphs; flowcharts; computer listings; test results; etc.) 

B. Advantages of the invention over what has been done before. 

C. Problems solved by the invention. 

D. Prior solutions and their disadvantages (if available, attach copies of product literature, technical articles, patents, etc.). 
REDACT 
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Description of Invention: Please preserve all records.of the invention and attach additional pages for the following. Each additional page should 

be signed and dated by the inventory) and witness(es). 

Description of the construction and operation of the invention (include appropriate schematic, block, & timing diagrams; drawings; samples; graphs; 
flowcharts; computer listings; test results; etc.) 

Some computer systems, system resources and peripherals (referred to periodically in this Invention Disclosure as 
"device" or "devices") incorporate self-managed authentication mechanisms that require a user credential (e.g. a 
password) as a condition for access. In this context, self-managed means that the device does not rely on an 
external service or other entity to authenticate the user on its behalf REDACT REDACT. Also, self-managed 
implies that the authentication mechanism is not governed by an overarching IT security policy that 
defines, for example, such things as required password attributes, lockout policies or even policies that enforce 
use of the authentication feature. 

This Invention Disclosure describes a method to automate the enablement of such self-managed authentication 
features with little to no user interaction. In addition, this method provides a mechanism by which such 
authentication features could be designed to more tightly integrate with a broader IT infrastructure. Doing so 
enables IT administrators to remotely enable such features on behalf of users or govern their use through a 
security policy (e.g. define minimum acceptable password length, or disallow access to system resources like 
network drives if the feature has been turned off after being enabled by the IT administrator). 

The following steps describe the general methodology: 

- Password protection for the device is invoked either by the user (through a simplified one-touch user 
interface), remotely by an IT administrator or by the computer system itself in response to a defined 
security policy update. 

- Once invoked, the computer system automatically generates a strong password that can conform to 
specific password security policy using any number of techniques involving hardware or software. It is 
envisioned that actual implementations will involve generating a random password, encryption key or 
other credential; however, the exact method of creating the password is implementation specific. 

- The computer system BIOS stores the created password using a security subsystem that incorporates any 
number of attributes, but that at a minimum would incorporate some mechanism for encrypting data (in 
this case the password) and a mechanism for controlling access to encrypted data. 

- The computer system BIOS would then enable password protection for the device using the created 
password. The computer system would then destroy the clear text password from all accessible memory 
ensuring no unauthorized access. 

- When access to the protected device is required, the security subsystem would first authenticate the user 
or other requestor. Successful authentication would then allow the above-created password to be 
decrypted and used to access the protected device. 
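
The five steps above as a runnable sketch (an added example, not code from the disclosure or from HP). `POLICY`, `SecuritySubsystem`, `Device`, `provision` and `access` are hypothetical names, and the PBKDF2 plus SHAKE-256 keystream plus HMAC construction is a standard-library stand-in for whatever encryption and access-control mechanism a real security subsystem provides.

```python
import hashlib, hmac, secrets, string
# Assumed IT policy: minimum length, at least one character from each class.
POLICY = {"min_length": 20, "classes": [s.encode() for s in
          (string.ascii_lowercase, string.ascii_uppercase, string.digits)]}

def generate_password(policy=POLICY):  # bytearray result so it can be zeroed later
    alphabet = b"".join(policy["classes"])
    while True:  # rejection sampling: uniform over policy-valid passwords
        pw = bytearray(secrets.choice(alphabet) for _ in range(policy["min_length"]))
        if all(any(b in cls for b in pw) for cls in policy["classes"]):
            return pw

class SecuritySubsystem:  # hypothetical stand-in for the disclosure's security subsystem
    def __init__(self):
        self._salt, self._blob = secrets.token_bytes(16), None
    def _keys(self, user_secret):  # encryption key and MAC key from the user credential
        k = hashlib.pbkdf2_hmac("sha256", user_secret, self._salt, 100_000, dklen=64)
        return k[:32], k[32:]
    def _xor(self, enc, nonce, data):  # SHAKE-256 keystream: stdlib stand-in for an AEAD
        stream = hashlib.shake_256(enc + nonce).digest(len(data))
        return bytearray(a ^ b for a, b in zip(data, stream))
    def seal(self, user_secret, pw):
        enc, mac = self._keys(user_secret)
        nonce = secrets.token_bytes(16)
        ct = bytes(self._xor(enc, nonce, pw))
        self._blob = (nonce, ct, hmac.new(mac, nonce + ct, "sha256").digest())
    def unseal(self, user_secret):
        enc, mac = self._keys(user_secret)
        nonce, ct, tag = self._blob
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, "sha256").digest()):
            raise PermissionError("requestor not authenticated")
        return self._xor(enc, nonce, ct)

class Device:  # self-managed device (e.g. a drive): keeps only a digest of its password
    def enable(self, pw):
        self._digest = hashlib.sha256(pw).digest()
    def unlock(self, pw):
        return hmac.compare_digest(self._digest, hashlib.sha256(pw).digest())

def provision(device, subsystem, user_secret):
    pw = generate_password()
    subsystem.seal(user_secret, pw)   # store the password encrypted
    device.enable(pw)                 # enable device password protection
    pw[:] = bytes(len(pw))            # best-effort wipe; Python may hold other copies

def access(device, subsystem, user_secret):
    pw = subsystem.unseal(user_secret)  # raises unless authentication succeeds
    ok = device.unlock(pw)
    pw[:] = bytes(len(pw))
    return ok
```

The in-place zeroing is only best effort in Python; firmware would overwrite the buffer explicitly in a language with controlled memory.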

REDACT 



The idea described in this Invention Disclosure solves the above problem by defining a unique method REDACT 
REDACT. In this example REDACT REDACT access credential (i.e. the password) is "AUTOMATICALLY" created in 
accordance with an IT-defined security password policy and stored securely by some type of security subsystem 
that integrates with a more comprehensive and manageable IT security infrastructure. REDACT 
enabled drive would first require the user to authenticate to the security subsystem, which in turn would decrypt 
the REDACT password and use it to unlock the drive. 

Although the example focused on here REDACT, a hard drive access control mechanism, it is important to 
note that the fundamental idea relates to any computer system, system resource or peripheral that self-manages 
an authentication mechanism that does not integrate at all or easily with broader IT security infrastructure. 

(1) User transparency - Minimizes any burden on users by not requiring them to remember another 
password or to conform to strong password policies that make it difficult to remember or accurately enter 
a password. 

(2) Security policy integration - By offloading user authentication to a separate security subsystem, an 
opportunity is created to integrate self-managed authentication mechanisms into a centrally managed and 
deployed security policy infrastructure, assuming that the security subsystem is integrated into such an 
infrastructure. 

(3) Strengthens security - Overall security of the system is enhanced by minimizing user burden, improving 
the likelihood that users will use the feature or not undermine it by, for example, insecurely storing 
passwords on handwritten notes or choosing inherently weak passwords. In addition, potential integration 
with a broader security policy infrastructure creates an opportunity to enforce strong password policies 
that otherwise would likely not be implemented if left to individual user discretion. 

(4) Remote deployment - IT administrators are potentially able to remotely enable self-managed 
authentication mechanisms on behalf of users without the burden of having to create and manage 
passwords users use for day-to-day access to a protected device. 



Problems solved by the invention. 

This invention enhances and enables self-managed authentication mechanisms of computer systems, system 
resources or peripherals to be used with greater user transparency by allowing the access credential (e.g. 
password) to be managed by a separate security subsystem. In this context transparency implies that little to no 
user interaction or awareness is required to take advantage of the security feature. 

By transparently creating and managing an access credential on behalf of the user several problems are averted: 